Data ownership and telematics propositions: interview
We met Luke Scanlon, a Consultant Lawyer for Pinsent Masons LLP to discuss the latest data related issues in telematics insurance.
Thomas Hallauer: Who owns the driving data that is produced by telematics? Is it the policy holder, the insurance provider or the third party providing the technology?
Luke Scanlon: You have to be careful when talking about data and ownership. Data protection laws do not determine who ‘owns’ data but provide that certain legal rights attach to data when data relates to individuals. If a person can be made identifiable through driving data then data protection laws will apply to it. These laws will give the policy holder and/or other drivers certain rights to control the data, including the right to object to automated processing (ie. profiling) in some circumstances and the rights to require data to be rectified and erased. Data protection laws will not apply if data has been sufficiently anonymised to the point where there is no real risk of the person being identified by the anonymised data in circumstances where it may be combined with other data or otherwise reveal a person’s identity. Together with the data subject, the owner of the database in which data are stored will have certain database rights.
These rights prevent anyone other than the owner of the database from extracting or re-utilising the whole database or a substantial part of it.
They also prevent systematic extraction or re-utilisation of insubstantial parts of the database. The owner of the database will be an organisation that has made the substantial investment in ‘obtaining, verifying or presenting’ the content of the database.
This is a matter that should be clarified in any agreement between a technology provider and an insurer in respect of telematics. The owner of the database can commercialise the data so long as it has met its data protection obligations where the information relates to living individuals.
These duties include transparency obligations regarding the insurer’s intended use of the data and the rights of data subjects.
What about Data Clearing House, such as those appearing in the US for the purpose of claims management as well as risk profiling. Can that model be replicated in Europe?
As long as the correct contractual provisions are in place and data protection laws are observed in accordance to each national regulations as stated above, it is possible for these type of arrangements to be agreed to in Europe.
In your opinion, do the benefits of data sharing apply mostly to insurers or to consumers, and if it is mostly to the consumer, can these benefits be communicated back to consumers in a way that helps to increase adoption?
The benefits to society and customers of insurers more accurately understanding risk are substantial. It also opens up a very interesting discussion about what role insurers will play in society in the future. To what extent should insurers that can combine data and foresee health risks, natural disasters, motor vehicle failures and other detrimental events be responsible to inform those who are susceptible to those risks? In more real terms, insurers can communicate to consumers the individual benefits of pricing premiums more accurately and developing customer channels and marketing that is more personalised to suit their needs.
But isn’t there a conflicting interest here? If the insurer is able to prevent risk and especially prevent fraud, it will be forced to lower the premiums? Is too much risk management bad for the insurance sector?
I don’t think so. It may however mean that those that are less capable of accurately measuring risk and those that are slow to adopt new technology will lose out.
What impact do you see competition law and privacy rights having on data sharing viability?
Regulators need to balance the needs of consumer protection and fair market competition against the need to promote innovation. As the law has largely failed to keep pace with technology in many respects, it falls to the regulators (and where called upon courts) to interpret laws in such a way to ensure that the balance is struck in a way that will promote not only the best outcomes for individual consumers but also the overall economy.
For insurance companies that do not yet have a telematics proposition, what do they need to know in advance?
They need to think about their data protection compliance framework – how to be transparent about their use of data, how to engage effectively with consumers regarding their rights and how to ensure that they are keeping an audit trail and conducting impact assessments where data are being shared with other organisations. In terms of the flow of data, they should ensure that they have the necessary contractual arrangements in place to ensure that they have the desired level of control over the data and oversight over the operation of the technology and the data network. They also need to think more generally about the customer and their high level financial services regulatory obligations to act in the best interest of customers and to treat customers fairly.
“This interview was done in preparation for the Telematics Insurance Europe, Private Auto and Fleet 2015 Show taking place in London on the 29-30th September
John Salmon, Partner and Sector Head, Financial Services at Pinsent Masons LLP will be speaking on the regulatory and legal concerns over the use of telematics
Thomas Hallauer will be suggesting solutions to the slow growth in the European market